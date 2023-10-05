MONTPELIER, Vt. (WCAX) - Vermont will get $3 million as part of a multi-state settlement with the computer software Blackbaud over a 2020 data privacy breach.

Blackbaud, which provides software to organizations like charities, schools, and hospitals, was at the center of a ransomware attack involving Social Security numbers and other sensitive health data.

“Our investigation determined that this breach occurred because Blackbaud did not have sufficient data security practices in place, leaving known gaps in their system that was targeted by the hacker,” said Attorney General Charity Clark, D-Vt, who was among 49 attorneys general that approved the settlement. She says the company also violated data breach notification laws by delaying or not informing consumers. “It is much cheaper to implement good data practices than it is to do the cleanup with the mistakes after the fact.”

The Attorney General’s Office says there were 801 data breaches reported in 2021 alone, impacting upwards of 128,000 Vermonters. Last year 685 breaches were impacting more than 150,000 people. And there have been 465 reported breaches so far this year.

Clark is calling on the Legislature to strengthen privacy protection by limiting the amount of data companies can collect and keep.

Rep. Michael Marcotte, R-Coventry, chairs the House Committee on Commerce and Economic Development and is sponsoring a bill to do just that, but he says he has met some resistance from the business community. “How tough is the law and how will businesses be able to comply with the law -- I think that’s where some of the problems will arise,” he said.

Marcotte says data and language in the bill are dated and it’s likely his committee will need to start from scratch in the coming session. He hopes to use what other states like California and Connecticut have implemented as a guide.

